Posted
by
Soulskill
on Wednesday June 06, 2012 @01:52PM
from the somebody-call-guinness dept.

An anonymous reader writes "In the last two years, over 200 million Indian nationals have had their fingerprints and photographs taken and irises scanned, and given a unique 12-digit number that should identify them everywhere and to everyone. This is only the beginning, and the goal is to do the same with the entire population (1.2 billion), so that poorer Indians can finally prove their existence and identity when needed for getting documents, getting help from the government, and opening bank and other accounts. This immense task needs a database that can contain over 12 billion fingerprints, 1.2 billion photographs, and 2.4 billion iris scans, can be queried from diverse devices connected to the Internet, and can return accurate results in an extremely short time."

Typical AC moron. Didn't get the joke, and took it way too seriously in a complete non sequitur direction. Sleep well, idiot. Maybe the brain cell fairy will visit you and leave a clue under your pillow.

1. Pastebin doesn't have anywhere near the space needed to paste these2. Pastebin doesn't have fingerprint, iris, faecal sample support (yet?)3. Even if you did expose the entire database, it would still be useless without write access to alter the data - so you can claim to be somebody else.

Number 3 is also a case for every nation that issues ID cards or biometric passports today. But only the government has any access to the database. I.e. it's not sold to 3rd parties for marketin

I was going to suggest something along the lines of saying hashing the data, but then I realized you want to scan someone's iris and then compare that scan in the database.... Hashing won't work here. DCT would likely work, but is sloooow, the more I think about it the more I realise this is not an easy problem, though really it is if you change the problem:

Every person gets a GUID. They present the GUID as their ID. You query the DB for the GUID and submit their iris scan as the authenticator. You don

Iris scanning actually works in a way similar to a hash. You take the iris picture and find a 2048-bit number, the "IrisCode" or wherever you wanna call it. If you want to make a comparison, then you find the IrisCode for the other picture, and compute the Hamming distance between two. The threshold for match or no-match is actually a function of the database size. (I read the paper a while ago and I'm probably made a few mistakes describing it, but it works along those lines). John Daugman [cam.ac.uk] site has more details.

Most searching is done with 4 or 6 fingerprints. Index fingers plus thumbs for the 4 print systems add in middle fingers for the 6 print systems. Those fingers tend to have the most minutiae points. When they records are captured you know where the finger positions are so you only search those finger positions. Iris searching is way way faster then fingerprints, so you search all of the records with iris then take the top 10% or so and search those fingerprints. That way you will not have to spend so much t

Exactly, but some organizations also use everything including DNA. I'm guessing India is using all 10 digits and both palms to come up with that number. Thumbs are good to have as many prints will be those.

Thumbs are good to have not just for identification but to allow us to tie our shoelaces more easily and handle knives and forks, etc. Also press the space bar on normal keyboards. Not just thumbs, but opposable thumbs.

It is actually important to capture all the fingerprints because you do not know which finger will be the best over a period of time. Often the best finger for transactions ends up being the little finger since it is the least likely to have damage or get worn off over time.

Plus the real cost of the system is having to capture all the data in the field. The incremental cost is minimal to capture 1 vs 10 and the improved de-duplication and long term viability of the system is improved by capture all.

For those who are interested to know more, here is their quite detailed website http://uidai.gov.in/ [uidai.gov.in]
More than anything else, it conveys the logistical and bureaucratical complexity of executing a project of this dimension across a country like India.

Where does India outsource/their/ IT jobs for managing things like this database?

Erm, the United States. We're the world leaders in the manufacture of sophisticated mass-surveillance and tracking technology. It's our other major export besides financial know-how, bombs, and working-class misery. The NSA is building a data center right now to track every packet of data sent within the borders of this country. And we don't just store biometric hashes -- W're taking complete, high-resolution imagery of our citizens bodies and keeping them on file. The kind of surveillance and tracking we do on our own citizens make this look like a high school science project.

There's no reason to think we wouldn't happily help the corporation of India... er, I mean, the country of India (sorry, I'm American.. it's hard to keep corporations and governments separate).

To be very specific: The 3 consortiums involved are US, US, FR as far as the tech goes. Each consortium includes a few different companies all of which, I believe, include some local talent for support / logistics and some code.

India is a messed up 3rd world country with too much corruption and too much of losses to the middlemen. For example, discounted food supplies sent to the poorer sections of the society are misappropriated by the distribution stores. Very small percentage of the poorer population has bank accounts or even an identity card of any sort, or often times even a birth certificate. ( so think of trying to do something in the US without a state id.. or ssn!)

Biometrics are not just fingerprints: Apple's Siri and whatever imitation was made available for Android do one thing very well: they export a pristine, digital quality voiceprint with owner details to the US every time they are used.

It's the second largest successful intelligence intercept ever - the first one being WhatsApp and iMessage tapping what was formerly harder-to-get SMS traffic..

I am from India and had my scanning done a week back. The software seemed to be a qt hackjob loaded on multiple ubuntu laptops.
The photo came out funny but the 10 finger and iris scans were detailed enough to make me feel uneasy. Not to mention the fact that every piece
of identification from graduation certificates to driving licenses to bank account numbers are linked to this single database. Bah.. Its India.. who cares for
data privacy here...